Overview
Mail flow rules are needed to ensure Hoxhunt's simulation emails are safely delivered to every employee's Inbox. Sometimes Hoxhunt's default whitelisting rules may need to be customized in order to match the current email infrastructure. Below you will find few different scenarios and their suggested solutions.
IMPORTANT: There are also other solutions available. Any method described below may not suit your organisation due to security or other reasons. Main goal is to have Hoxhunt emails land safely to user Inboxes.
SCENARIO 1 - Pure
- O365, or
- On-premise Exchange server
Observation:
Email server sees the email originating from Hoxhunt's IP address 37.139.12.94 or 35.156.0.138.
Solution: Whitelisting and Mail Flow rules for Office 365 / On-premise Exchange server
SCENARIO 2 - Hybrid
- On-premise Exchange server -> O365, or
- O365 -> On-premise Exchange server
Observation:
Second email server falsely thinks the email is originating from first email server's IP address
Proposed solution:
Create a mail flow rule on first email server:
Apply this rule if: sender IP is 37.139.12.94 or 35.156.0.138
Do the following: set message header with a name and value.
Example name: X-Hoxhunt-token
Example value: 2325c60d837dk69w30
IMPORTANT: choose your own name and value and do not use the examples above!
Create a mail flow rule on second email server:
Apply this rule if: a message header includes X-HoxHunt-token with value 2325c60d837dk69w30
Do the following: then set spam confidence level (SCL) to -1
Do the following: remove header X-HoxHunt-token
TIP: Hoxhunt can also equip simulation emails with custom header and value for this purpose. However, setting the header internally provides additional security. If you want Hoxhunt to add the custom header for you, please check this article and contact Hoxhunt.
SCENARIO 3 - Complex Hybrid
- Edge Transport Server -> Security filter -> On-premise Exchange server -> O365
Observation:
a) O365 falsely thinks the email is originating from Security filter but Edge Transport Server sees it's coming from Hoxhunt IP address 37.139.12.94 or 35.156.0.138.
b) Only the Edge Transport Server has an MX record available
Proposed solution:
Create a mail flow rule on Edge Transport Server:
Apply this rule if: sender IP is 37.139.12.94 or 35.156.0.138
Do the following: set message header with a name and value.
Example name: X-Hoxhunt-token
Example value: 2325c60d837dk69w30
IMPORTANT: choose your own name and value and do not use the examples above!
Create a mail flow rule on consequent email servers:
See instructions: Whitelisting based on custom email header
Create a mail flow rule on last email server:
Apply this rule if: a message header includes X-HoxHunt-token with value 2325c60d837dk69w30
Do the following: then set spam confidence level (SCL) to -1
Do the following: remove header X-HoxHunt-token
TIP: Hoxhunt can also equip simulation emails with custom header and value for this purpose. However, setting the header internally provides additional security. If you want Hoxhunt to add the custom header for you, please check this article and contact Hoxhunt.
SCENARIO 4 - Hybrid
- Security filter -> On-premise Exchange server -> O365
- Security filter -> O365 -> On-premise Exchange server
Observation:
a) Security filter sees the email originating from Hoxhunt's IP address 37.139.12.94 or 35.156.0.138 but changes the originating IP address
b) Security filter doesn't support IP-based bypass rules
c) First or second email server has an MX record, and all recipient can be accessed via that server
Proposed solution:
Please set up up a Receive connector and contact Hoxhunt to complete the setup. Hoxhunt will send emails to the specified MX record.
Alternative solution:
Please follow the method described in SCENARIO 2.